NAT (Network Address Translator) - PowerPoint PPT Presentation

Slides: 20
Provided by: atifka

Transcript and Presenter's Notes


1
NAT (Network Address Translator)
In the name of God the most merciful and the most
compassionate
  • Atif Karamat

2
NAT: Is It Necessary?
  • Scenario
  • One high-speed dial-up connection, multiple devices
  • How to share?
  • Solution: a gateway, but it requires that each
    device have a unique IP address.
  • IP addresses may become an endangered species
    very soon.

3
NAT: The Solution
  • NAT
  • Instead of requiring that each device behind the
    gateway have a globally unique IP address, we can
    allocate private addresses to such devices, and
    the gateway can then translate the private IP
    addresses in all traffic that passes through the
    connection.

4
NAT: Scenario II
  • Network Security
  • Denial of Service
  • Trojan Horse Attacks
  • NAT drops all unsolicited inbound traffic, which
    minimizes threats of this kind.

5
NAT: What Is It?
  • NAT
  • NAT exists primarily to allow machines on a local
    network to share a single internet connection by
    replacing the source address of each outgoing
    message with the address assigned to the shared
    connection.

6
NAT: Components

7
NAT: Requires
  • To function, NAT must:
  • Maintain a mapping between the original
    addressing information and the replaced
    addressing information.
  • Update the checksums to reflect the modifications
    made.
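
The checksum requirement, worked through as an added example (not part of the original slides): after the source address is rewritten, the IPv4 header checksum is updated incrementally with the RFC 1624 formula instead of being recomputed from scratch. The header contents and all addresses are constructed sample values.

```python
import socket
import struct

def checksum16(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4_header(src: str, dst: str, payload_len: int = 20) -> bytes:
    """Constructed 20-byte IPv4 header (TCP, TTL 64) with a valid checksum."""
    fields = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0,
                         64, 6, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return fields[:10] + struct.pack("!H", checksum16(fields)) + fields[12:]

def incremental_update(old_csum: int, old_field: bytes, new_field: bytes) -> int:
    """RFC 1624 eqn. 3: HC' = ~(~HC + ~m + m'), applied per 16-bit word."""
    total = ~old_csum & 0xFFFF
    for old, new in zip(struct.unpack("!2H", old_field),
                        struct.unpack("!2H", new_field)):
        total += (~old & 0xFFFF) + new
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def nat_rewrite_source(header: bytes, public_ip: str) -> bytes:
    """Replace the source address and patch the checksum to match."""
    old_src, new_src = header[12:16], socket.inet_aton(public_ip)
    old_csum = struct.unpack("!H", header[10:12])[0]
    new_csum = incremental_update(old_csum, old_src, new_src)
    return header[:10] + struct.pack("!H", new_csum) + new_src + header[16:]

def source_ip(header: bytes) -> str:
    return socket.inet_ntoa(header[12:16])

def header_is_valid(header: bytes) -> bool:
    """A header carrying a correct checksum sums to zero."""
    return checksum16(header) == 0
```

The TCP and UDP checksums cover a pseudo-header that includes the IP addresses, so a NAT has to patch those in the same way, and again when it rewrites a port.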

8
NAT: NAT Gateway
  • The main component is the NAT gateway. A basic
    NAT gateway has two interfaces: one to the
    public network and the other to the private
    network.
  • A more advanced NAT gateway may have multiple
    interfaces, i.e. in a corporate network.

9
NAT: Mapping Table

10
NAT: Operation
  • Traffic generated by a client is received on the
    private interface. The gateway looks into the
    packet header, extracts the header information
    and creates an entry in the mapping table. When
    the reply comes back, NAT looks it up in the
    mapping table and directs the packet to the
    private client.

11
NAT: Application I
  • Address Port Translation
  • Modification of source address and source ports
    (outgoing packets).
  • Modification of destination address and ports
    (incoming packets).

12
NAT: Application II
  • Address Mapping
  • A pool of private addresses is to be mapped to a
    smaller pool of public addresses.
  • Mappings from private to public addresses are
    established until no more addresses are
    available.
  • At this point, NAT may switch over to translation
    of port information.

13
NAT: Application III
  • Static Mapping
  • To achieve security, the most important feature
    is that no unsolicited traffic may pass through
    NAT. But this feature prevents hosting any
    service behind NAT.
  • Static mapping allows a static entry to be made
    in the mapping table, which allows unsolicited
    incoming traffic for that entry only.
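
The mapping-table behaviour from the Operation, Address Port Translation and Static Mapping slides, as an added example (not part of the original slides). It models state only, with no packet I/O; the class and method names, the four-port pool and all addresses are assumptions made for illustration, and inbound replies are matched on the exact remote endpoint, which is one possible policy.

```python
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (IP address, port)

class NaptGateway:
    """Toy port-translating NAT gateway (hypothetical, for illustration)."""

    def __init__(self, public_ip: str, port_range=range(40000, 40004)):
        self.public_ip = public_ip
        self.free_ports = list(port_range)  # deliberately tiny pool
        # (private endpoint, remote endpoint) -> public port
        self.out: Dict[Tuple[Endpoint, Endpoint], int] = {}
        # (public port, remote endpoint) -> private endpoint
        self.back: Dict[Tuple[int, Endpoint], Endpoint] = {}
        # public port -> private endpoint, configured by the administrator
        self.static: Dict[int, Endpoint] = {}

    def add_static(self, public_port: int, private: Endpoint) -> None:
        """Static mapping: the only entry that admits unsolicited traffic."""
        if public_port in self.free_ports:
            self.free_ports.remove(public_port)
        self.static[public_port] = private

    def outbound(self, src: Endpoint, dst: Endpoint) -> Endpoint:
        """Rewrite source address/port, creating the mapping on first use."""
        key = (src, dst)
        if key not in self.out:
            if not self.free_ports:
                raise RuntimeError("port pool exhausted")
            # Keep the client's own port if it is free, else assign another.
            port = src[1] if src[1] in self.free_ports else self.free_ports[0]
            self.free_ports.remove(port)
            self.out[key] = port
            self.back[(port, dst)] = src
        return (self.public_ip, self.out[key])

    def inbound(self, src: Endpoint, dst_port: int) -> Optional[Endpoint]:
        """Return the private endpoint to forward to, or None to drop."""
        if (dst_port, src) in self.back:   # reply to a tracked flow
            return self.back[(dst_port, src)]
        return self.static.get(dst_port)   # unsolicited: static entries only
```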

14
NAT: Constraints I
  • Limited port numbers.
  • Using IP addresses in payload
  • When the server on the public domain reads the
    address of the client in the payload, it doesn't
    recognize the private address.
  • Using port numbers in payload
  • This may cause a failure because sometimes the
    port requested by a client is not available and
    so NAT is forced to assign some other port number.

15
NAT: Constraints II
  • Specifying a port or range of ports
  • The server side should not be programmed to
    expect traffic from a specific port because the
    client may not be able to get the specific port.
  • Assuming that the IP address will remain the same
    during a conversation
  • Mobile clients behind NAT

16
NAT: Constraints III
  • Assuming that the application can receive
    unsolicited inbound connections
  • Offering of any services behind NAT will fail.
  • A primary control session to a port is followed
    by one or more secondary connections to different
    ports, which will fail.

17
NAT: Design Principles I
  • IP address and port information shouldn't be
    embedded in the payload.
  • Use fully qualified domain names and/or user
    names where possible. Let DNS do the work.
  • Traffic shouldn't be required to originate from a
    specific port number.

18
NAT: Design Principles II
  • Unsolicited inbound connections should be
    avoided.
  • Encrypted protocols should avoid having the
    checksum cover the IP header, because NAT cannot
    decrypt and change the IP header information by
    default.

19
NAT: Application Level Gateway (ALG)
  • When a protocol is unable to pass cleanly
    through a NAT, the use of an Application Level
    Gateway (ALG) may still permit operation of the
    protocol.
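
What an ALG does for a protocol that embeds an address and port in its payload, as an added example (not part of the original slides). The slides name no protocol; FTP's PORT command is used here as an assumed illustration, and the function name, the `expect` table and the `allocate_port` callback are hypothetical.

```python
import re
from typing import Callable, Dict, Tuple

# "PORT h1,h2,h3,h4,p1,p2": client IP as four bytes, port as p1*256 + p2
PORT_RE = re.compile(rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),"
                     rb"(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$")

def rewrite_ftp_port(line: bytes, client_ip: str, public_ip: str,
                     expect: Dict[int, Tuple[str, int]],
                     allocate_port: Callable[[], int]) -> bytes:
    """Translate the endpoint embedded in an outbound FTP PORT command.

    On success the public port is recorded in `expect` so that the
    secondary (data) connection from the server can be forwarded.
    """
    m = PORT_RE.match(line)
    if not m:
        return line                      # not a PORT command: pass through
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return line                      # malformed: do not touch, no mapping
    embedded_ip = ".".join(str(n) for n in nums[:4])
    private_port = nums[4] * 256 + nums[5]
    # Only open a mapping toward the host that actually sent the command;
    # an embedded address naming some other internal host is left alone.
    if embedded_ip != client_ip:
        return line
    public_port = allocate_port()
    expect[public_port] = (client_ip, private_port)
    host = public_ip.replace(".", ",")
    return (f"PORT {host},{public_port >> 8},"
            f"{public_port & 0xFF}\r\n").encode()
```

The rewritten line can differ in length from the original, so a real ALG must also adjust TCP sequence and acknowledgement numbers and the TCP checksum for the rest of the connection; that is outside this sketch.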